A blog by Oleg Shilovitsky
Information & Comments about Engineering and Manufacturing Software

Cloud PLM and “Good Enough” Security

Cloud PLM and “Good Enough” Security
Oleg
Oleg
9 July, 2012 | 2 min for reading

When it comes to “cloud PLM”, the discussion about “security” is almost inevitable. This is one of the top concerns of people and, at the same way, top argument of IT and other people arguing against use of public (and other variations of) cloud PLM systems. I’m reading about security topic and the cloud in many blogs these days. The topic comes in different variations and aspects. Few days ago, I came across the article in ReadWriteWeb Enterprise blog – Why “Good Enough” Security Really Is Good Enough for Most Companies. Spend some time and have a read. This article resonated with some of my comments I’ve made previously about cloud, PLM and security. At the end it comes to the risk. The following passage I especially liked:

It may sound cynical, but avoiding legal liability for security negligence is an excellent goal. Not only does it protect your business, but it generally requires your organization to take advantage of the best practices and policies that are widely agreed upon. Security quality standards and independent auditors are the best protection against being found negligent, and they put businesses at the same starting line as everyone else.

Another thing about security rules I see as a very important is related to how organization can make security rules reasonable. Here is the situation I’ve seen many times. A company made very strict rules on how to share documents outside of organization with a portal and set of very complicated rules. At the same time, you can see how people are sharing files using Gmail and Google Drive / Docs. Another passage from ReadWriteWeb speaks exactly about that:

Make realistic rules. If you’re not realistic, employees will tune you out. If you say “don’t ever do X,” but someone turns out to have a good reason to do X, they will take the rules less seriously. It’s far better to explain why an employee shouldn’t do X, list some alternatives, and give mitigating advice for the times when X is unavoidable. For example, when extremely complex password requirements result in passwords no one can memorize, they end up on post-its near the desk. Such a complex password policy should be accompanied by advice on how to manage an unmemorable password. (For example, “Keep it in your wallet, not on the wall.”)

So, what is my conclusion? To set up realistic rules and goal for “good enough” is a way to go. I can see companies that will keep their gates closed. However, low cost barrier and good compromise will drive many companies to adopt cloud PLM sooner than later. Just my thoughts.

Best, Oleg

Recent Posts

Also on BeyondPLM

4 6
23 March, 2025

There’s a classic saying: “If all you have is a hammer, everything looks like a nail.” Most of the time,...

16 February, 2010

Social is hot. Social networks, social applications, social enterprise, social CRM… social PLM (?). I put a question mark, since...

23 May, 2017

I’m attending PTC LiveWorx event this week in Boston. The event is huge and it is just at the beginning....

15 January, 2018

IoT became a huge buzzword over the past few years. I’m following this topic and sometimes I feel lost in...

9 September, 2023

I traveled to San Francisco earlier this week to attend Autodesk DevCon 2023 – the conference for developers and Autodesk...

21 May, 2017

I learned yesterday that integration is ranked more important then security with end users in ongoing CIMdata cloud PLM survey....

26 October, 2015

Historically, PLM products are well know for being complicated and hard to use. It has deep roots in the way...

5 June, 2020

Happy Friday! It is a dream day and I want to continue the article I wrote a few months ago...

8 June, 2019

I spent the last three days at IDE 2019 – a summer school organized by Core-Lab of the University of...

Blogroll

To the top